
Gozi Trojan Returns as a New Variant

The Gozi Trojan is prowling the Net again in a new variant, marking the return of the notorious malware, which specializes in stealing users' protected financial information piece by piece by breaking through supposedly secure techniques.

The variant first came to notice on October 23, 2007, when miscreants in Russia set loose a batch of malicious PDF files that attempted to seize vulnerable PCs through remote control.

Don Jackson, a researcher with computer security provider SecureWorks, said that the malicious code converted Adobe's PDF Reader application into a malware dropper that installed the Gozi Trojan onto compromised computers. Channel Register published this on October 26, 2007.

Jackson further said that the miscreants were smart to connect Gozi with the Adobe vulnerability. The advantage of the Adobe exploit is that it is easy to use. Anyone who studies the proof-of-concept code would be able to adapt it creatively. CSO published Jackson's statement on October 25, 2007.

The new attack seems to represent quite well many of the successful techniques in the malware business. It exploits the latest Acrobat flaw to deliver the Gozi Trojan, which is infamously effective and widely infects computers through a bot. The Trojan also successfully evades spam filters with the help of the recent PDF spam.

According to Jose Nazario, a security researcher in the CTO's office at Arbor Networks, the entire attack depends on the availability of opportunities. CSO published this on October 25, 2007.

Nazario added that these recent techniques have proved successful and that miscreants use them until they stop producing results or until someone finds a way to halt them. After they burn out the maximum utility of the techniques, they move on, he concluded.

The Gozi variant, which is found under different names such as Orderjack, OrderGun, Small.BS, Germ, Ursnif, Snifula, Pinch and CWS, is caught by only 26% of anti-virus providers.

The Gozi Trojan first appeared in January 2007, when it was noticed after an Internet surfer who was visiting Websites from home and work found that many accounts on those sites had been hijacked.